Security News

Iran, China-linked gangs join Putin's disinformation war online
2022-05-19 14:00

Pro-Beijing and Iran miscreants are using the war in Ukraine to spread disinformation that supports these countries' political interests - namely, advancing anti-Western narratives - according to threat-intel experts at Mandiant. Mandiant also attributes these campaigns to actors that the threat researchers say are operating in support of nation-states including Russia, Belarus, China and Iran.

Iran-linked Cobalt Mirage extracts money, info from US orgs – report
2022-05-13 12:11

The Iran-linked Cobalt Mirage crew is running attacks against America for both financial gain and for cyber-espionage purposes, according to Secureworks' threat intelligence team. For the espionage strikes, Cobalt Mirage pulls off targeted intrusions to gain access and collect intelligence, though the snoops appear to be experimenting with ransomware here as well, the threat hunters wrote.

Who is exploiting VMware right now? Probably Iran's Rocket Kitten, to name one
2022-04-26 20:52

A team of Iranian cyber-spies dubbed Rocket Kitten, for one, is likely behind attempts to exploit a critical remote-code execution vulnerability in VMware's identity management software, according to endpoint security firm Morphisec. VMware patched its flawed software on April 6, and attackers were not far behind.

Russia, Iran, Saudi Arabia are top sources of online misinformation
2022-03-31 02:30

Russia, Iran and Saudi Arabia are the top three proliferators of state-linked Twitter misinformation campaigns, according to a report released Wednesday by the Australian Strategic Policy Institute. The think tank's International Cyber Policy Centre report and corresponding website examined datasets in Twitter's Information Operations Archive to understand state willingness, capability and intent to drive disinformation campaigns.

Iran's MuddyWater Hacker Group Using New Malware in Worldwide Cyber Attacks
2022-02-25 23:01

Cybersecurity agencies from the U.K. and the U.S. have laid bare a new malware used by the Iranian government-sponsored advanced persistent threat group in attacks targeting government and commercial networks worldwide. "MuddyWater actors are positioned both to provide stolen data and accesses to the Iranian government and to share these with other malicious cyber actors," the agencies said.

US Military Ties Prolific MuddyWater Cyberespionage APT to Iran
2022-01-13 17:35

U.S. Cyber Command has confirmed that MuddyWater - an advanced persistent threat cyberespionage actor aka Mercury, Static Kitten, TEMP.Zagros or Seedworm that's historically targeted government victims in the Middle East - is an Iranian intelligence outfit. On Wednesday, USCYBERCOM not only confirmed the tie; it also disclosed the plethora of open-source tools and strategies MuddyWater uses to break into target systems and released malware samples.

As CISA tells US govt agencies to squash Log4j bug by Dec 24, fingers start pointing at China, Iran, others
2021-12-15 23:31

Microsoft reckons government cyber-spies in China, Iran, North Korea, and Turkey are actively exploiting the Log4j 2.x remote-code execution hole. It's interesting this is coming to light as the US government's Cybersecurity and Infrastructure Security Agency tells all federal civilian agencies to take care of CVE-2021-44228 by December 24, 2021.

Hackers hit Iran's Mahan airline, claim confidential data theft
2021-11-22 18:30

One of Iran's largest privately-owned airlines, Mahan Air, has announced a cybersecurity incident that has resulted in its website going offline and potentially in data loss. "Following the news of the cyber attack on the systems of Mahan Airlines, it is reported that due to the position of Mahan Airlines in the country's aviation industry, such attacks have been carried out against this company many times and at different times, so that they may be damaged," reads the translated tweet by Mahan airlines.

Iran's Lyceum Hackers Target Telecoms, ISPs in Israel, Saudi Arabia, and Africa
2021-11-11 00:00

A state-sponsored threat actor allegedly affiliated with Iran has been linked to a series of targeted attacks aimed at internet service providers and telecommunication operators in Israel, Morocco, Tunisia, and Saudi Arabia, as well as a ministry of foreign affairs in Africa, new findings reveal. The intrusions, staged by a group tracked as Lyceum, are believed to have occurred between July and October 2021, researchers from Accenture Cyber Threat Intelligence group and Prevailion's Adversarial Counterintelligence Team said in a technical report.

Cyber Attack in Iran Reportedly Cripples Gas Stations Across the Country
2021-10-27 04:16

A cyber attack in Iran left petrol stations across the country crippled, disrupting fuel sales and defacing electronic billboards to display messages challenging the regime's ability to distribute gasoline. Other signs read, "Free gas in Jamaran gas station," with gas pumps showing the words "Cyberattack 64411" when attempting to purchase fuel, the semi-official Iranian Students' News Agency reported.